Re: postfix_smtp_t


 



On 07/23/2009 06:00 PM, Christoph Höger wrote:
> Hi Dan,
> 
> I got something like:
> 
> type=SYSCALL msg=audit(1248337552.277:51): arch=40000003 syscall=5
> success=yes exit=9 a0=2590dd8 a1=8000 a2=0 a3=0 items=0 ppid=3929
> pid=3934 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) ses=1 comm="smtp" exe="/usr/libexec/postfix/smtp"
> subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)
> type=AVC msg=audit(1248337552.277:52): avc:  denied  { lock } for
> pid=3934 comm="smtp" path="/home/choeger/cert/sasl_passwd.db" dev=dm-1
> ino=2976113 scontext=unconfined_u:system_r:postfix_smtp_t:s0
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
> 
> (that's just a simple example)
> 
> Basically postfix_smtp_t and user_home_t do not play nice - which is not
> a big surprise since that is what confinement is all about, but I wish
> there would be a way to handle that use case.
> 
> 
> ------------------------------------------------------------------------
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

The best thing for something like this is to set the labeling. If you want to have certificates in your homedir, you need to set the labeling to something like cert_t.

# semanage fcontext -a -t cert_t '/home/choeger/cert(/.*)?'
# restorecon -R -v /home/choeger/cert

Should fix.

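Added example, not part of the thread or either poster's code: a small parser that rejoins the mail-wrapped audit records quoted above, extracts the denied permission, the source and target types and the path from the AVC record, and derives the directory spec that the reply passes to `semanage fcontext`. The function names (`unwrap`, `parse_avc`, `fcontext_spec`) are hypothetical, and Python 3.7+ is assumed.

```python
import os
import re

# The two audit records from the post, line-wrapped as the mail client left them.
SAMPLE = """\
type=SYSCALL msg=audit(1248337552.277:51): arch=40000003 syscall=5
success=yes exit=9 a0=2590dd8 a1=8000 a2=0 a3=0 items=0 ppid=3929
pid=3934 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=1 comm="smtp" exe="/usr/libexec/postfix/smtp"
subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1248337552.277:52): avc:  denied  { lock } for
pid=3934 comm="smtp" path="/home/choeger/cert/sasl_passwd.db" dev=dm-1
ino=2976113 scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

def unwrap(text):
    """Rejoin wrapped lines; a new record starts only at 'type='."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quoting
        if not line:
            continue
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_avc(text):
    """Return one dict per AVC denial found in the (possibly wrapped) text."""
    denials = []
    for rec in unwrap(text):
        m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", rec)
        if not rec.startswith("type=AVC") or not m:
            continue
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', rec))
        denials.append({
            "perms": m.group(1).split(),
            "path": fields.get("path", "").strip('"'),
            "source_type": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        })
    return denials

def fcontext_spec(denial):
    """File-context regex covering the directory that holds the denied file."""
    return re.escape(os.path.dirname(denial["path"])) + "(/.*)?"

if __name__ == "__main__":
    for d in parse_avc(SAMPLE):
        print(d["source_type"], d["perms"], d["target_type"], fcontext_spec(d))
```

Which type to assign to that spec remains the administrator's decision; the reply above suggests cert_t.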
